Add PE binary cataloger#3911
Conversation
wagoodman
force-pushed
the
add-pe-binary-cataloger
branch
from
8ecb91b to
09dd47d
Compare
There was a problem hiding this comment.
this file was moved from syft/pkg/cataloger/dotnet/pe.go and some types and functions were exported -- nothing more.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman
force-pushed
the
add-pe-binary-cataloger
branch
from
09dd47d to
1f398d0
Compare
| "purl" | ||
| ] | ||
| }, | ||
| "PeBinary": { |
There was a problem hiding this comment.
nit: should this match the struct case of PEBinary?
There was a problem hiding this comment.
the struct itself is already called PEBinary, we're looking at the name in the JSON schema (which has pretty simple rules for coming up with definition names)
There was a problem hiding this comment.
My comment was just about PE vs Pe
|
|
||
| var ( | ||
| // spaceRegex includes nbsp (#160) considered to be a space character | ||
| spaceRegex = regexp.MustCompile(`[\s\xa0]+`) |
There was a problem hiding this comment.
smallest nit: I'm sure we have this elsewhere and probably should be using this elsewhere -- it could be useful to have some standard functions/regexes/etc. that catalogers could share rather than re-writing this multiple times; and #160 isn't always obvious to include in whitespace, but we probably want to almost everywhere we are trimming or otherwise dealing with whitespace. Maybe a shared spaceNormalize is what I'm thinking of
There was a problem hiding this comment.
I don't see any other places in the code where we're doing ReplaceAll(subject, <space-like-things>, " ") (or similar) --if you find some examples of this happy to refactor in a follow up PR.
2 participants
This adds (back) the ability to detect packages from arbitrary
dllandexefiles. Before #3563 and #3768 were merged thedotnet-catalogerwould claim that alldlls/exesfound were .NET applications, which was not ideal -- these PRs (correctly) removed these findings so that only binaries with CLR evidence were raised up.This new
pe-binary-catalogerignores any files that have CLR evidence as these files are already being considered in the .NET-based catalogers.In terms of refactors, it made sense to take much of the PE parsing logic and centralize it under an internal package to use it across the .NET and binary catalogers.
Type of change
Checklist